Overview

overview

10

Static

static

10

347eee803a...1N.exe

windows7-x64

10

347eee803a...1N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    347eee803a8c27ae5a661a1ba746634ee9859eacd68623d56e16b893478e09a1N.exe

  • Size

    324KB

  • Sample

    241208-ab15dswqek

  • MD5

    fe05df4df4141ce2267acc50d674e4c0

  • SHA1

    392192cf1e622653fbf51db14bb2fc9b83b165af

  • SHA256

    347eee803a8c27ae5a661a1ba746634ee9859eacd68623d56e16b893478e09a1

  • SHA512

    dd865f2be9c00e3e672680787da6fa5d3ad8414c96781e3f91f581c77320d4bfa33a46d89761b69544f8fc97468ab11307b515bea1b498af43f09c954643ed5e

  • SSDEEP

    6144:1f6zlbOPQTzrzd5IF6rfBBcVPINRFYpfZvT6zAWq6JMf3us8ws:eFTfp5IFy5BcVPINRFYpfZvTmAWqeMfe

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      347eee803a8c27ae5a661a1ba746634ee9859eacd68623d56e16b893478e09a1N.exe

    • Size

      324KB

    • MD5

      fe05df4df4141ce2267acc50d674e4c0

    • SHA1

      392192cf1e622653fbf51db14bb2fc9b83b165af

    • SHA256

      347eee803a8c27ae5a661a1ba746634ee9859eacd68623d56e16b893478e09a1

    • SHA512

      dd865f2be9c00e3e672680787da6fa5d3ad8414c96781e3f91f581c77320d4bfa33a46d89761b69544f8fc97468ab11307b515bea1b498af43f09c954643ed5e

    • SSDEEP

      6144:1f6zlbOPQTzrzd5IF6rfBBcVPINRFYpfZvT6zAWq6JMf3us8ws:eFTfp5IFy5BcVPINRFYpfZvTmAWqeMfe

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks